I lost the thread somewhere, and I want to comment on a remark about who signs packages in the release candidates.
I think there is a "requirement", or probably just an assumption, that the source package be signed by the Release Manager, so if you want to check the package and then replace the signature with yours you can just delete the current .asc files and upload the new ones. If not, I doubt anyone will complain. I think the signature provided by the committer who constructs any uploaded packages should be retained. It is a matter of signing as the work of the committer who did it. I think the source package should definitely be signed by the RM, because the RM usually provides that much, but it doesn't have to be. After that, any committer whose public certificate is in the release folder KEYS file, including the RM, can verify the .asc signature(s) and also *add* their own once satisfied by whatever criteria they mean to signify. Adding signatures is a matter of creating another --detach-sign --armor signature and splicing all of it, including the BEGIN and END markers, onto the end of the existing one. It should still verify and also report both (or more) signatures. Just ensure that the markers are on lines by themselves. I just added my signature, locally, to the current Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe.asc file. No problem. The attachment, if it comes through, shows what that looks like. - Dennis > -----Original Message----- > From: Patricia Shanahan [mailto:p...@acm.org] > Sent: Saturday, October 1, 2016 09:35 > To: dev@openoffice.apache.org > Subject: Re: Which source files in release? > > > > On 10/1/2016 9:24 AM, Andrea Pescetti wrote: > > Patricia Shanahan wrote: > >> The idea is to start from a clean check-out, not configured, move the > >> LICENSE, NOTICE, and README files, and delete what is not needed. > "what > >> is not needed" should be a relatively short list, including the .svn > >> files and also ext_sources. > > > > While I would have gone for Bash too, the ant script in the end does > the > > same and it is quite easy to maintain. > > > > The trunk version already contains several improvements with respect > to > > the one we have in AOO413. > > > > I've tried to build a source package for 4.1.3 by applying the two > > changes I applied to trunk earlier today and that are documented at > > https://bz.apache.org/ooo/show_bug.cgi?id=126605 > > https://bz.apache.org/ooo/show_bug.cgi?id=127148 > > to a normal 4.1.3 build tree. > > > > The results are at > > http://home.apache.org/~pescetti/openoffice-4.1.3-r1761381-src/ > > and comparison with an SVN export gives the expected results. > > > > Patricia: feel free to reuse these packages (you may want to remove my > > signature and add yours in case, after you check them); I didn't > upload > > them to SVN to avoid confusion, but I can of course do so if you are > > going to reuse these. Otherwise no problem at all if you prefer to > > package/supply the sources differently. > > For 4.1.3, I am in "Don't rock the boat" mode. Anything that gets us to > release sooner is good. It looks as though you already have the packages > we need, so please go ahead and SVN them. > > Thanks, > > Patricia > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org > For additional commands, e-mail: dev-h...@openoffice.apache.org
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
